Privacy forms an intrinsic part of our everyday life. So much so – that the Supreme Court declared it to be a Fundamental Right under the Indian Constitution. The Government too is working to legislate a Data Protection Law to better protect our privacy. As we transact on digital platforms it is the encryption technology that ensures user privacy, safety and security. These platforms utilise the end-to-end technology which entails that our messages cannot be tracked in transit, in a way that no one, not even the platform like a WhatsApp or a Signal- can read our messages.
Human vices like drug trade, propaganda and child sexual abuse have also leveraged these platforms to achieve virality. It is to tackle these challenges that the State purports to bring in the New Information Technology Rules of 2021. The New IT Rules albeit progressive have a few challenges. For instance its mandate for Significant Social Media Intermediaries providing messaging services like WhatsApp and Signal to ensure ‘originator traceability’ (tell me who the sender is) is quite concerning. While the Government has maintained that it does not wish to break encryption, there exists no known technology to implement the traceability mandate without weakening encryption. From the Global Encryption Coalition and the Internet Society to Groups of Crypto and Cybersecurity Experts have reiterated on multiple occasions that weakening encryption through mandates like ‘traceability’ or ‘backdoors’ will only open a pandora’s box, creating more challenges than it seeks to resolve. Even the Telecom Regulatory Authority of India in its 2020 recommendations opined that the security architecture of end-to-end encrypted technologies should not be tinkered with, else it will render the users susceptible to attacks by hostile actors.
Encryption not only enables secure banking, e-commerce and messaging for the citizenry but also confidentiality for journalists and businesses. Any secret door for the ‘exceptional access’ of the State can also be exploited by non-state actors or enemy states. For instance, in Greece, the Government surveillance program was repurposed by hostile actors to surveil the political and military elites of Athens.
There is no denying the fact that the Government has a legitimate interest in stopping such crimes. What is required is a more informed and collaborative approach to tackle these challenges in the cyber realm. There is a need for the Big Tech, the State & the Law Enforcement Agencies to work together to find meaningful solutions. For instance, platforms sharing ‘limited’ meta-data, and not content data, with Law Enforcement Agencies. It is equally important for the Big Tech to assist in training the Law Enforcement Agencies and build their meta-data analysis capabilities.
While finding solutions to tackle challenges in the cyber realm we must ensure that user privacy and national security of the State is not compromised. All such measures must be weighed on the touchstone of the Puttaswamy test as ruled by the hon’ble Supreme Court. Most importantly, we need a robust data protection law and an independent data protection authority to protect user rights and ensure national security.